VPC - Virtual Private Cloud
What is a VPC?
A Virtual Private Cloud (VPC) is a logically isolated section of a cloud provider’s network where users can launch and manage resources (like virtual machines, databases, and containers) in a virtual network that they define and control. It mimics a traditional on-premises network but with the scalability and flexibility of the cloud.
Why is VPC useful?
Provides network isolation and control over IP addressing, routing, and security.
Enables secure communication between cloud resources and on-premises infrastructure.
Supports custom subnets, firewalls, and VPNs.
Facilitates multi-tier application architecture in the cloud.
Allows fine-grained access control using security groups and network ACLs.
How it works?
User creates a VPC — defines IP range (CIDR block), subnets, and routing tables.
Resources are launched — instances, databases, and containers are deployed into subnets.
Security is configured — security groups and NACLs control traffic flow.
Connectivity is established — via internet gateway, VPNs, or peering connections.
Traffic is routed — based on custom route tables and NAT gateways.
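The steps above can be checked offline before anything is deployed. The following is an added example, not code from the original page: it validates a VPC address plan (RFC 1918 range, subnets inside the VPC range, no overlaps) and uses longest-prefix route matching to confirm each subnet's real exposure matches its intended tier. The function names, the `igw-`/`nat-` target prefixes and the sample plan are assumptions constructed for illustration.

```python
import ipaddress

# RFC 1918 private ranges (the page cites RFC 1918 for VPC addressing).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Documentation address (TEST-NET-2) standing in for "a host on the internet".
INTERNET_PROBE = "198.51.100.10"


def next_hop(routes, dest_ip):
    """Longest-prefix match: target of the most specific route covering dest_ip."""
    addr = ipaddress.ip_address(dest_ip)
    best = None
    for cidr, target in routes:
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


def exposure(routes):
    """Classify a subnet by where its route table sends internet-bound traffic."""
    target = next_hop(routes, INTERNET_PROBE)
    if target is None:
        return "isolated"          # no route out at all
    if target.startswith("igw-"):
        return "public"            # direct path through an internet gateway
    if target.startswith("nat-"):
        return "private"           # outbound only, via a NAT gateway
    return "other"                 # VPN, peering, transit gateway, ...


def audit_vpc(vpc_cidr, subnets):
    """Return a list of findings for an address plan; an empty list means clean."""
    findings = []
    vpc = ipaddress.ip_network(vpc_cidr)
    if not any(vpc.subnet_of(block) for block in RFC1918):
        findings.append(f"VPC range {vpc} is not RFC 1918 private space")
    seen = []
    for s in subnets:
        net = ipaddress.ip_network(s["cidr"])  # raises ValueError on a malformed CIDR
        if not net.subnet_of(vpc):
            findings.append(f"{s['name']}: {net} is outside the VPC range {vpc}")
        for other_name, other_net in seen:
            if net.overlaps(other_net):
                findings.append(f"{s['name']}: {net} overlaps {other_name} ({other_net})")
        seen.append((s["name"], net))
        actual = exposure(s["routes"])
        if actual != s["tier"]:
            findings.append(f"{s['name']}: intended {s['tier']} but routes make it {actual}")
    return findings


# Constructed sample plan: three tiers, with two deliberate mistakes in "db".
LOCAL = ("10.0.0.0/16", "local")
SUBNETS = [
    {"name": "web", "cidr": "10.0.1.0/24", "tier": "public",
     "routes": [LOCAL, ("0.0.0.0/0", "igw-example")]},
    {"name": "app", "cidr": "10.0.2.0/24", "tier": "private",
     "routes": [LOCAL, ("0.0.0.0/0", "nat-example")]},
    {"name": "db", "cidr": "10.0.2.128/25", "tier": "isolated",
     "routes": [LOCAL, ("0.0.0.0/0", "igw-example")]},
]

if __name__ == "__main__":
    for finding in audit_vpc("10.0.0.0/16", SUBNETS):
        print(finding)
```

The `db` subnet is reported twice: its range collides with `app`, and its default route to an internet gateway makes a subnet meant to be isolated publicly routable.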
Where is VPC used?
Cloud-hosted applications — web apps, APIs, and microservices.
Hybrid cloud environments — connecting on-premises data centers to the cloud.
Multi-tier architecture — separating web, app, and database layers.
Secure data processing — isolating sensitive workloads in private subnets.
Disaster recovery — hosting backup systems in separate, isolated networks.
Which OSI layer does this protocol belong to?
VPC operates at Layer 3, managing IP addressing and routing.
It defines subnets, route tables, and gateways for packet delivery.
Enables logical segmentation of cloud networks for secure and efficient communication.
Version Info
| S.No | VPC Concept | RFC Number | Core Idea / Contribution | Year |
|---|---|---|---|---|
| 1 | Virtual Private Cloud (VPC) | Vendor-specific (AWS, GCP, Azure) | VPC is a cloud-native concept; not defined by a single RFC but built on standard IP networking. | N/A |
| 2 | IP Addressing in VPC | RFC 1918 | Defines private IP address ranges (e.g., 10.0.0.0/8, 192.168.0.0/16) used in VPCs. | 1996 |
| 3 | CIDR Notation | RFC 4632 | Defines Classless Inter-Domain Routing (CIDR) used to allocate IP ranges in VPCs. | 2006 |
| 4 | VPN over IPsec (for VPC) | RFC 4301 | Security architecture for IPsec, used in VPC VPN connections. | 2005 |
| 5 | VXLAN (used in VPC tunneling) | RFC 7348 | Describes VXLAN encapsulation used in multi-zone or hybrid VPC networking. | 2014 |
| 6 | BGP for VPC Routing | RFC 4271 | Border Gateway Protocol used in dynamic routing between VPCs and on-premises networks. | 2006 |
VPC Data Packet
| S.No | Protocol Packet | Description | Size (Bytes) |
|---|---|---|---|
| 1 | Data Packet | Carries application data (e.g., HTTP, DB queries) between instances or services. | 60-1500 (typical) |
| | Version | IP version (IPv4 or IPv6) | 1 |
| | Source IP Address | IP of the sending instance | 4-16 |
| | Destination IP Address | IP of the receiving instance or external endpoint | 4-16 |
| | Header Length | Length of the IP header | 1 |
| | Total Length | Total size of the packet | 2 |
| | Protocol | TCP = 6, UDP = 17, etc. | 1 |
| | TTL | Time to Live, decremented per hop | 1 |
| | Payload | Application data | Variable |
VPC Control Packet
| S.No | Protocol Packet | Description | Size (Bytes) |
|---|---|---|---|
| 2 | Control Packet | Used for diagnostics (e.g., ICMP ping, traceroute) | 60-100 |
| | ICMP Type/Code | Indicates control message type (e.g., Echo Request) | 1-2 |
| | Payload | Diagnostic data | Variable |
VPC Management Packet
| S.No | Protocol Packet | Description | Size (Bytes) |
|---|---|---|---|
| 3 | Management Packet | Used internally by cloud provider for routing, flow logs, health checks | Cloud-managed |
| | Metadata | Flow log tags, routing info, security group enforcement | Cloud-managed |
VPC Metadata Packet
| S.No | Protocol Packet | Description | Size (Bytes) |
|---|---|---|---|
| 4 | Metadata Packet | Sent to/from Instance Metadata Service (IMDS) | 60-150 |
| | Source IP Address | Instance IP | 4 |
| | Destination IP Address | IMDS IP (e.g., 169.254.169.254) | 4 |
| | Protocol | HTTP over link-local | 1 |
| | Payload | Metadata request/response | Variable |
VPC Encapsulation Packet
| S.No | Protocol Packet | Description | Size (Bytes) |
|---|---|---|---|
| 5 | Encapsulation Packet | Used in hybrid/multi-zone networks (e.g., VXLAN, GRE tunneling) | 100-1600+ |
| | Outer Header | Encapsulation header (VXLAN, GRE) | 8-50 |
| | Inner Packet | Original IP packet being tunneled | Variable |
| S.No | Use Case | Description |
|---|---|---|
| 1 | Isolated Networking | Provides logically isolated network environments for secure cloud deployments. |
| 2 | Subnet Segmentation | Allows division of networks into public and private subnets for better control. |
| 3 | Security Group Enforcement | Controls inbound and outbound traffic at the instance level using firewall rules. |
| 4 | Custom Route Tables | Enables routing of traffic between subnets, VPNs, and gateways. |
| 5 | Internet Gateway Access | Allows instances in public subnets to access the internet securely. |
| 6 | VPN and Direct Connect | Connects on-premises networks to the cloud via secure tunnels or dedicated links. |
| 7 | Load Balancing | Distributes traffic across multiple instances within the VPC. |
| 8 | High Availability | Supports multi-AZ deployments for fault tolerance and redundancy. |
| 9 | Logging and Monitoring | Integrates with flow logs and monitoring tools for traffic analysis and auditing. |
| 10 | Hybrid Cloud Architecture | Facilitates seamless integration between cloud and on-premises infrastructure. |
| S.No | Feature | Description |
|---|---|---|
| 1 | Private IP Addressing | Uses private IP ranges (e.g., 10.0.0.0/16) for internal communication. |
| 2 | Subnetting | Divides the VPC into smaller sub-networks for better traffic management. |
| 3 | Route Tables | Directs traffic within the VPC and to external networks using custom routes. |
| 4 | Security Groups | Acts as virtual firewalls to control inbound and outbound traffic. |
| 5 | Network ACLs | Provides stateless filtering at the subnet level for additional security. |
| 6 | Elastic IP Support | Allows static public IPs to be associated with instances for consistent access. |
| 7 | NAT Gateway Integration | Enables private instances to access the internet without exposing them directly. |
| 8 | Internet Gateway Access | Facilitates internet access for public subnets. |
| 9 | DNS Resolution | Supports internal DNS for name resolution of instances and services. |
| 10 | IPv6 Support | Offers optional IPv6 addressing for scalable and modern networking. |
Private IP Addressing - Testcases
| S.No | Test Case | Description | Expected Result |
|---|---|---|---|
| 1 | Assign Private IP | Assign a private IP to an instance | Instance receives correct IP |
| 2 | Static Private IP | Assign static private IP | IP remains consistent after reboot |
| 3 | Dynamic Private IP | Assign dynamic private IP | IP is assigned from subnet pool |
| 4 | IP Conflict | Assign same IP to two instances | Conflict detected and prevented |
| 5 | IP Release | Release private IP from instance | IP is removed and reusable |
| 6 | Reassign IP | Reassign released IP | IP is reassigned successfully |
| 7 | Subnet Range | Assign IP within subnet range | IP is valid and accepted |
| 8 | Outside Subnet | Assign IP outside subnet | Operation fails with error |
| 9 | Multiple IPs | Assign multiple private IPs | All IPs are assigned correctly |
| 10 | Max IPs | Assign max allowed IPs | Limit enforced correctly |
| 11 | IP Retention | Retain IP after stop/start | IP remains unchanged |
| 12 | IP Change | Change private IP manually | New IP is applied |
| 13 | IP Format | Assign invalid IP format | Operation fails with error |
| 14 | Subnet Exhaustion | Exhaust all IPs in subnet | No new IPs can be assigned |
| 15 | IP Ping | Ping instance via private IP | Ping succeeds |
| 16 | DNS Resolution | Resolve private IP via DNS | Correct hostname returned |
| 17 | IP Routing | Route traffic to private IP | Traffic reaches destination |
| 18 | IP Isolation | Isolate private IP from internet | No public access allowed |
| 19 | IP NAT | Use NAT with private IP | Outbound traffic is translated |
| 20 | IP ACL | Apply ACL to private IP | Access is controlled |
| 21 | IP Firewall | Apply firewall rules | Rules enforced correctly |
| 22 | IP Logging | Log traffic to private IP | Logs are generated |
| 23 | IP Monitoring | Monitor private IP usage | Metrics are collected |
| 24 | IP Tagging | Tag private IPs | Tags are applied and visible |
| 25 | IP Migration | Move IP to another instance | IP reassigned successfully |
| 26 | IP in Peered VPC | Use private IP in peered VPC | Communication succeeds |
| 27 | IP in VPN | Use private IP over VPN | Traffic flows securely |
| 28 | IP in Transit Gateway | Route via transit gateway | Traffic routed correctly |
| 29 | IP in Load Balancer | Use private IP in backend | Load balancer routes traffic |
| 30 | IP in Auto Scaling | Use private IPs in ASG | IPs assigned dynamically |
| 31 | IP in ECS | Assign private IP to container | Container receives IP |
| 32 | IP in Kubernetes | Assign private IP to pod | Pod receives IP |
| 33 | IP in Hybrid Cloud | Use private IP in hybrid setup | IP reachable via VPN/direct connect |
| 34 | IP in Multi-AZ | Assign IPs across AZs | IPs work across zones |
| 35 | IP in IPv6 Subnet | Assign IPv4 private IP | IP assigned correctly |
| 36 | IP in Dual Stack | Use IPv4 and IPv6 | Both IPs function correctly |
| 37 | IP in Reserved Range | Use reserved IP (e.g., .0 or .255) | Operation fails |
| 38 | IP in DHCP Option Set | Use DHCP for private IP | IP assigned via DHCP |
| 39 | IP in Custom Route Table | Route to private IP | Route works as expected |
| 40 | IP in Security Group | Apply SG to private IP | Rules enforced |
| 41 | IP in Bastion Host | Access private IP via bastion | Access succeeds |
| 42 | IP in NACL | Apply NACL to subnet | IP traffic filtered |
| 43 | IP in Flow Logs | Capture traffic logs | Logs show private IP traffic |
| 44 | IP in Interface Endpoint | Use private IP in endpoint | Endpoint reachable |
| 45 | IP in Gateway Endpoint | Use private IP in gateway | Endpoint reachable |
| 46 | IP in Elastic Network Interface | Assign to ENI | IP bound to ENI |
| 47 | IP in Failover | Test failover with private IP | IP reassigned to standby |
| 48 | IP in Backup/Restore | Restore instance with same IP | IP retained |
| 49 | IP in Audit Trail | Track IP assignment | Events logged |
| 50 | IP in Compliance Check | Validate private IP usage | Compliance passed |
Subnetting - Testcases
| S.No | Test Case | Description | Expected Result |
|---|---|---|---|
| 1 | Create Subnet | Create a subnet in a VPC | Subnet created successfully |
| 2 | Subnet CIDR Range | Use valid CIDR block | Subnet accepts CIDR |
| 3 | Overlapping CIDR | Create overlapping subnets | Operation fails |
| 4 | Max Subnets | Create max allowed subnets | Limit enforced |
| 5 | Subnet in Different AZ | Create subnet in another AZ | Subnet created in specified AZ |
| 6 | Subnet Tagging | Add tags to subnet | Tags applied successfully |
| 7 | Subnet Deletion | Delete a subnet | Subnet deleted |
| 8 | Subnet Reuse | Reuse deleted subnet CIDR | CIDR reused successfully |
| 9 | Subnet Routing | Associate route table | Routes applied correctly |
| 10 | Subnet ACL | Associate NACL | NACL rules enforced |
| 11 | Subnet SG | Launch instance with SG | SG rules applied |
| 12 | Subnet DHCP | Use DHCP options set | DHCP options applied |
| 13 | Subnet Public | Mark subnet as public | Internet access enabled |
| 14 | Subnet Private | Mark subnet as private | No direct internet access |
| 15 | Subnet NAT | Use NAT gateway in private subnet | Outbound traffic allowed |
| 16 | Subnet Internet Gateway | Attach IGW to public subnet | Internet access enabled |
| 17 | Subnet Peering | Route to peered VPC | Communication succeeds |
| 18 | Subnet VPN | Route via VPN | Traffic flows securely |
| 19 | Subnet Transit Gateway | Attach to TGW | Routing works |
| 20 | Subnet Load Balancer | Use subnet for ELB | Load balancer functions |
| 21 | Subnet Auto Scaling | Use subnet in ASG | Instances launched in subnet |
| 22 | Subnet ECS | Use subnet for ECS tasks | Tasks run in subnet |
| 23 | Subnet Kubernetes | Use subnet for EKS pods | Pods scheduled correctly |
| 24 | Subnet IPv6 | Enable IPv6 in subnet | IPv6 addresses assigned |
| 25 | Subnet Dual Stack | Use IPv4 and IPv6 | Both protocols work |
| 26 | Subnet Size /28 | Create small subnet | Subnet created with 16 IPs |
| 27 | Subnet Size /16 | Create large subnet | Subnet created with 65,536 IPs |
| 28 | Subnet Exhaustion | Use all IPs in subnet | No more IPs assignable |
| 29 | Subnet Isolation | Isolate subnet from others | No cross-subnet traffic |
| 30 | Subnet Logging | Enable flow logs | Logs generated |
| 31 | Subnet Monitoring | Monitor subnet traffic | Metrics available |
| 32 | Subnet Compliance | Check subnet config | Passes compliance checks |
| 33 | Subnet Audit | Track subnet changes | Changes logged |
| 34 | Subnet Backup | Backup subnet config | Backup created |
| 35 | Subnet Restore | Restore from backup | Subnet restored |
| 36 | Subnet Migration | Move resources to new subnet | Migration successful |
| 37 | Subnet Scaling | Add more subnets | Network scales horizontally |
| 38 | Subnet Performance | Test throughput | Meets expected performance |
| 39 | Subnet Latency | Measure latency | Within acceptable range |
| 40 | Subnet Security | Apply security policies | Policies enforced |
| 41 | Subnet ACL Logging | Log NACL hits | Logs show traffic |
| 42 | Subnet with Bastion | Access private subnet via bastion | Access successful |
| 43 | Subnet with Interface Endpoint | Use private endpoint | Endpoint reachable |
| 44 | Subnet with Gateway Endpoint | Use gateway endpoint | Endpoint reachable |
| 45 | Subnet with Elastic IP | Assign EIP to instance | EIP works in subnet |
| 46 | Subnet with ENI | Attach ENI to subnet | ENI functions correctly |
| 47 | Subnet with Failover | Test failover between subnets | Failover successful |
| 48 | Subnet with Multi-AZ | Use subnets across AZs | High availability achieved |
| 49 | Subnet with Reserved IPs | Use .0 or .255 IPs | Operation fails |
| 50 | Subnet with Custom Route Table | Use custom routes | Routing works as expected |
Route Tables - Testcases
| S.No | Test Case | Description | Expected Result |
|---|---|---|---|
| 1 | Create Route Table | Create a new route table | Route table created successfully |
| 2 | Delete Route Table | Delete an unused route table | Route table deleted |
| 3 | Associate Subnet | Associate a subnet with a route table | Subnet uses the route table |
| 4 | Disassociate Subnet | Remove subnet association | Subnet reverts to main route table |
| 5 | Add Route | Add a route to a destination CIDR | Route added successfully |
| 6 | Delete Route | Remove a route from the table | Route removed successfully |
| 7 | Modify Route | Change next hop for a route | Route updated successfully |
| 8 | Route to IGW | Add route to internet gateway | Internet access enabled |
| 9 | Route to NAT | Add route to NAT gateway | Private subnet has outbound access |
| 10 | Route to VPC Peering | Add route to peered VPC | Peered VPC reachable |
| 11 | Route to VPN | Add route to VPN connection | VPN traffic routed correctly |
| 12 | Route to TGW | Add route to transit gateway | Traffic routed via TGW |
| 13 | Route to ENI | Add route to specific ENI | Traffic routed to ENI |
| 14 | Route to Instance | Add route to instance ID | Traffic routed to instance |
| 15 | Route to Blackhole | Add route to non-existent target | Route status shows blackhole |
| 16 | Route to Local | Ensure local route exists | Local route present by default |
| 17 | Overlapping CIDRs | Add overlapping CIDR routes | Most specific route is used |
| 18 | Route Priority | Test route selection priority | Most specific route is chosen |
| 19 | Route Table Tags | Add tags to route table | Tags applied successfully |
| 20 | Route Table Logging | Enable logging for route changes | Logs generated |
| 21 | Route Table Monitoring | Monitor route table usage | Metrics available |
| 22 | Route Table Audit | Track changes to route table | Changes logged |
| 23 | Route Table Compliance | Validate route table config | Passes compliance checks |
| 24 | Route Table Backup | Backup route table config | Backup created |
| 25 | Route Table Restore | Restore from backup | Route table restored |
| 26 | Route Table in Public Subnet | Use route table in public subnet | Internet access works |
| 27 | Route Table in Private Subnet | Use route table in private subnet | No direct internet access |
| 28 | Route Table in Isolated Subnet | No route to IGW or NAT | Subnet fully isolated |
| 29 | Route Table with Multiple Routes | Add multiple routes | All routes function correctly |
| 30 | Route Table with Default Route | Add 0.0.0.0/0 route | Default route applied |
| 31 | Route Table with IPv6 | Add IPv6 route | IPv6 traffic routed |
| 32 | Route Table with Dual Stack | Add IPv4 and IPv6 routes | Both routes function |
| 33 | Route Table with Custom CIDR | Add custom CIDR route | Route added successfully |
| 34 | Route Table with Invalid CIDR | Add invalid CIDR | Operation fails |
| 35 | Route Table with Invalid Target | Add route to invalid target | Operation fails |
| 36 | Route Table with Conflicting Routes | Add conflicting routes | Most specific route used |
| 37 | Route Table with Interface Endpoint | Route to VPC endpoint | Endpoint reachable |
| 38 | Route Table with Gateway Endpoint | Route to gateway endpoint | Endpoint reachable |
| 39 | Route Table with Bastion Host | Route to bastion host | Access to private subnet works |
| 40 | Route Table with Load Balancer | Route to ELB | Load balancer reachable |
| 41 | Route Table with Auto Scaling | Use in ASG subnets | Instances route correctly |
| 42 | Route Table with ECS | Use in ECS subnets | Tasks route correctly |
| 43 | Route Table with EKS | Use in EKS subnets | Pods route correctly |
| 44 | Route Table with Multi-AZ | Use across AZs | Routing works in all AZs |
| 45 | Route Table with Flow Logs | Enable flow logs | Logs show route usage |
| 46 | Route Table with Security Groups | Combine with SGs | Traffic filtered correctly |
| 47 | Route Table with NACLs | Combine with NACLs | Traffic filtered correctly |
| 48 | Route Table with Failover | Test failover route | Backup route used |
| 49 | Route Table with Static Routes | Use only static routes | Routing works as configured |
| 50 | Route Table with Dynamic Routing | Integrate with BGP (if supported) | Dynamic routes applied |
Security Groups - Testcases
| S.No | Test Case | Description | Expected Result |
|---|---|---|---|
| 1 | Create Security Group | Create a new security group in VPC | Security group is created successfully |
| 2 | Delete Security Group | Delete an existing security group | Security group is deleted |
| 3 | Modify Security Group Name | Change the name of a security group | Name is updated |
| 4 | Add Inbound Rule | Add an inbound rule to a security group | Rule is added and active |
| 5 | Add Outbound Rule | Add an outbound rule to a security group | Rule is added and active |
| 6 | Remove Inbound Rule | Remove an inbound rule from a security group | Rule is removed |
| 7 | Remove Outbound Rule | Remove an outbound rule from a security group | Rule is removed |
| 8 | View Security Group Rules | List all rules in a security group | All rules are displayed |
| 9 | Attach Security Group to Instance | Associate a security group with an EC2 instance | Instance is protected by the group |
| 10 | Detach Security Group from Instance | Remove a security group from an EC2 instance | Instance no longer uses the group |
| 11 | Create Rule with Specific Port | Add rule for port 80 | Rule allows traffic on port 80 |
| 12 | Create Rule with Port Range | Add rule for ports 1000-2000 | Rule allows traffic in range |
| 13 | Create Rule with Specific Protocol | Add rule for TCP protocol | TCP traffic is allowed |
| 14 | Create Rule with ICMP Protocol | Add rule for ICMP | ICMP traffic is allowed |
| 15 | Create Rule with All Protocols | Add rule for all protocols | All traffic is allowed |
| 16 | Create Rule with Specific CIDR | Add rule for CIDR 192.168.1.0/24 | Traffic from CIDR is allowed |
| 17 | Create Rule with 0.0.0.0/0 | Add rule for all IPs | All IPs are allowed |
| 18 | Create Rule with Security Group Source | Add rule referencing another security group | Traffic from referenced group is allowed |
| 19 | Create Duplicate Rule | Add same rule twice | Duplicate rule is rejected |
| 20 | Create Conflicting Rule | Add rule that conflicts with existing one | Conflict is flagged |
| 21 | Validate Rule Priority | Check rule evaluation order | Rules are evaluated correctly |
| 22 | Validate Default Security Group | Check default group behavior | Default group allows all outbound |
| 23 | Revoke All Rules | Remove all rules from a group | No traffic is allowed |
| 24 | Apply Security Group to Multiple Instances | Attach group to multiple EC2s | All instances use the group |
| 25 | Validate Security Group Isolation | Ensure groups isolate traffic | Traffic is blocked between groups |
| 26 | Test Inbound SSH Access | Allow SSH from specific IP | SSH access is successful |
| 27 | Test Inbound HTTP Access | Allow HTTP from internet | HTTP access is successful |
| 28 | Test Outbound DNS Access | Allow outbound DNS | DNS queries succeed |
| 29 | Test Outbound HTTPS Access | Allow outbound HTTPS | HTTPS access is successful |
| 30 | Test Denied Inbound Access | Block all inbound traffic | No inbound traffic allowed |
| 31 | Test Denied Outbound Access | Block all outbound traffic | No outbound traffic allowed |
| 32 | Validate Logging of Rule Changes | Check audit logs for rule updates | Changes are logged |
| 33 | Validate Security Group Limits | Create max number of rules | Limit is enforced |
| 34 | Validate Security Group Quota | Create max number of groups | Quota is enforced |
| 35 | Validate Security Group Tags | Add tags to group | Tags are saved |
| 36 | Search Security Group by Tag | Find group using tag | Group is found |
| 37 | Export Security Group Configuration | Export rules to file | File contains correct rules |
| 38 | Import Security Group Configuration | Import rules from file | Rules are applied |
| 39 | Clone Security Group | Duplicate group with same rules | New group is created |
| 40 | Rename Security Group | Change group name | Name is updated |
| 41 | Validate Security Group on VPC Peering | Test rules across peered VPCs | Rules apply correctly |
| 42 | Validate Security Group on Load Balancer | Attach group to ELB | ELB traffic is filtered |
| 43 | Validate Security Group on RDS | Attach group to RDS | RDS traffic is filtered |
| 44 | Validate Security Group on Lambda | Attach group to Lambda | Lambda uses group rules |
| 45 | Validate Security Group on ECS | Attach group to ECS service | ECS traffic is filtered |
| 46 | Validate Security Group on VPN | Attach group to VPN endpoint | VPN traffic is filtered |
| 47 | Validate Security Group on NAT Gateway | Attach group to NAT | NAT traffic is filtered |
| 48 | Validate Security Group on Transit Gateway | Attach group to TGW | TGW traffic is filtered |
| 49 | Validate Security Group on Interface Endpoint | Attach group to endpoint | Endpoint traffic is filtered |
| 50 | Validate Security Group on Gateway Endpoint | Attach group to gateway | Gateway traffic is filtered |
Network ACLs - Testcases
| S.No | Test Case | Description | Expected Result |
|---|---|---|---|
| 1 | Create NACL | Create a new NACL | NACL created successfully |
| 2 | Delete NACL | Delete an unused NACL | NACL deleted successfully |
| 3 | Associate Subnet | Associate a subnet with NACL | Subnet uses the NACL |
| 4 | Disassociate Subnet | Remove subnet from NACL | Subnet reverts to default NACL |
| 5 | Add Allow Rule | Add rule to allow traffic | Traffic is allowed |
| 6 | Add Deny Rule | Add rule to deny traffic | Traffic is blocked |
| 7 | Rule Priority | Add rules with different priorities | Lower numbered rule takes precedence |
| 8 | Inbound Rule | Add inbound rule | Inbound traffic is filtered |
| 9 | Outbound Rule | Add outbound rule | Outbound traffic is filtered |
| 10 | Allow HTTP | Allow TCP port 80 | HTTP traffic allowed |
| 11 | Allow HTTPS | Allow TCP port 443 | HTTPS traffic allowed |
| 12 | Allow SSH | Allow TCP port 22 | SSH traffic allowed |
| 13 | Deny All | Deny all traffic | All traffic blocked |
| 14 | Allow All | Allow all traffic | All traffic allowed |
| 15 | ICMP Allow | Allow ICMP traffic | Ping succeeds |
| 16 | ICMP Deny | Deny ICMP traffic | Ping fails |
| 17 | Custom Port Allow | Allow custom port (e.g., 8080) | Traffic allowed |
| 18 | Custom Port Deny | Deny custom port (e.g., 3306) | Traffic blocked |
| 19 | Rule Logging | Enable logging for NACL | Logs generated |
| 20 | Rule Monitoring | Monitor NACL traffic | Metrics available |
| 21 | Rule Audit | Track changes to NACL | Changes logged |
| 22 | Rule Compliance | Validate NACL config | Passes compliance checks |
| 23 | Rule Backup | Backup NACL configuration | Backup created |
| 24 | Rule Restore | Restore NACL from backup | Rules restored |
| 25 | Rule Tagging | Add tags to NACL | Tags applied successfully |
| 26 | Rule with CIDR | Add rule with specific CIDR | Rule applied correctly |
| 27 | Rule with 0.0.0.0/0 | Allow all IPs | All IPs allowed |
| 28 | Rule with Specific IP | Allow single IP | Only that IP allowed |
| 29 | Rule with IP Range | Allow IP range | Range allowed |
| 30 | Rule with Invalid CIDR | Add rule with invalid CIDR | Operation fails |
| 31 | Rule with Invalid Port | Add rule with invalid port | Operation fails |
| 32 | Rule with Invalid Protocol | Add rule with invalid protocol | Operation fails |
| 33 | Rule with Overlapping CIDRs | Add overlapping rules | Most specific rule applied |
| 34 | Rule with Conflicting Actions | Add allow and deny for same traffic | Lower rule number takes effect |
| 35 | Rule with All Protocols | Allow all protocols | All traffic allowed |
| 36 | Rule with TCP Only | Allow only TCP | UDP traffic blocked |
| 37 | Rule with UDP Only | Allow only UDP | TCP traffic blocked |
| 38 | Rule with Stateless Behavior | Test stateless nature of NACL | Return traffic must be explicitly allowed |
| 39 | Rule with Subnet Isolation | Isolate subnet using NACL | Subnet becomes unreachable |
| 40 | Rule with Bastion Host | Allow access via bastion | Access succeeds |
| 41 | Rule with Load Balancer | Allow traffic to/from ELB | Load balancer functions |
| 42 | Rule with NAT Gateway | Allow NAT traffic | Outbound traffic allowed |
| 43 | Rule with VPN | Allow VPN traffic | VPN tunnel works |
| 44 | Rule with Peering | Allow traffic to peered VPC | Peered traffic allowed |
| 45 | Rule with Transit Gateway | Allow TGW traffic | Traffic routed correctly |
| 46 | Rule with Interface Endpoint | Allow endpoint traffic | Endpoint reachable |
| 47 | Rule with Gateway Endpoint | Allow gateway endpoint traffic | Endpoint reachable |
| 48 | Rule with Multi-AZ | Apply NACL across AZs | Rules enforced in all AZs |
| 49 | Rule with Flow Logs | Capture NACL traffic logs | Logs show traffic patterns |
| 50 | Rule with Failover | Test failover scenario | NACL rules still enforced |
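Test cases 7, 34 and 38 above describe the two NACL behaviours that most often cause silent drops: rules are evaluated in ascending rule-number order with the first match winning, and filtering is stateless, so the reply needs its own outbound allow. The following is an added example, not code from the original page, that models both; the `Rule` type, function names and all rule sets are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    number: int                 # lower numbers are evaluated first
    action: str                 # "allow" or "deny"
    protocol: str               # "tcp", "udp", "icmp" or "all"
    cidr: str                   # peer range: source for inbound, destination for outbound
    ports: tuple = (0, 65535)   # inclusive destination port range


def evaluate(rules, protocol, peer_ip, port):
    """Return (action, rule_number) of the first matching rule in number order.

    Falls through to an implicit deny, reported as ("deny", None).
    """
    peer = ipaddress.ip_address(peer_ip)
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.protocol not in ("all", protocol):
            continue
        if peer not in ipaddress.ip_network(rule.cidr):
            continue
        if not rule.ports[0] <= port <= rule.ports[1]:
            continue
        return rule.action, rule.number
    return "deny", None


def round_trip(inbound, outbound, client_ip, client_port, server_port, protocol="tcp"):
    """True only if the request AND its reply both pass the stateless NACL.

    The request is checked inbound against the server port; the reply is
    checked outbound against the client's ephemeral port.
    """
    request = evaluate(inbound, protocol, client_ip, server_port)[0]
    reply = evaluate(outbound, protocol, client_ip, client_port)[0]
    return request == "allow" and reply == "allow"


# Constructed rule sets. 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges.
INBOUND = [
    Rule(90, "deny", "tcp", "203.0.113.0/24", (443, 443)),   # block one range first
    Rule(100, "allow", "tcp", "0.0.0.0/0", (443, 443)),      # then allow HTTPS
]
OUTBOUND_MISSING = []                                         # implicit deny only
OUTBOUND_FIXED = [
    Rule(100, "allow", "tcp", "0.0.0.0/0", (1024, 65535)),    # replies to ephemeral ports
]

if __name__ == "__main__":
    print(evaluate(INBOUND, "tcp", "203.0.113.7", 443))
    print(round_trip(INBOUND, OUTBOUND_MISSING, "198.51.100.7", 50000, 443))
    print(round_trip(INBOUND, OUTBOUND_FIXED, "198.51.100.7", 50000, 443))
```

A security group with the same inbound allow would pass the reply automatically because it tracks connection state; the NACL does not, which is why the second call fails until the outbound rule is added.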
Elastic IP Support - Testcases
| S.No | Test Case | Description | Expected Result |
|---|---|---|---|
| 1 | Allocate EIP | Allocate a new Elastic IP | EIP is allocated successfully |
| 2 | Release EIP | Release an unused EIP | EIP is released and removed |
| 3 | Associate EIP | Associate EIP with instance | Instance is reachable via EIP |
| 4 | Disassociate EIP | Disassociate EIP from instance | EIP is unlinked successfully |
| 5 | Reassociate EIP | Reassociate EIP to another instance | EIP moves to new instance |
| 6 | EIP with ENI | Associate EIP with Elastic Network Interface | EIP is bound to ENI |
| 7 | EIP with NAT Gateway | Assign EIP to NAT Gateway | NAT Gateway uses EIP |
| 8 | EIP with Load Balancer | Assign EIP to NLB | Load balancer uses EIP |
| 9 | EIP with Bastion Host | Assign EIP to bastion host | Bastion is reachable |
| 10 | EIP with Auto Scaling | Use EIP in Auto Scaling Group | EIP reassigned on scale events |
| 11 | EIP with Stop/Start | Stop and start instance with EIP | EIP remains associated |
| 12 | EIP with Reboot | Reboot instance with EIP | EIP remains associated |
| 13 | EIP with Termination | Terminate instance with EIP | EIP becomes disassociated |
| 14 | EIP with IPv6 | Attempt to assign EIP to IPv6 | Operation fails (EIP is IPv4 only) |
| 15 | EIP with Public Subnet | Assign EIP in public subnet | Instance is reachable |
| 16 | EIP with Private Subnet | Assign EIP in private subnet | Requires NAT or IGW |
| 17 | EIP with Route Table | Route traffic to EIP | Traffic reaches instance |
| 18 | EIP with Security Group | Allow inbound to EIP | Traffic allowed per rules |
| 19 | EIP with NACL | Apply NACL to EIP subnet | Traffic filtered correctly |
| 20 | EIP with Flow Logs | Enable flow logs for EIP subnet | Logs show EIP traffic |
| 21 | EIP with Monitoring | Monitor EIP usage | Metrics available |
| 22 | EIP with Logging | Log EIP access | Logs generated |
| 23 | EIP with Tags | Tag EIP resource | Tags applied successfully |
| 24 | EIP with Billing | Check billing for EIP | Charges apply if not associated |
| 25 | EIP with Reserved IP | Try to assign reserved IP | Operation fails |
| 26 | EIP with Invalid IP | Try to assign invalid IP | Operation fails |
| 27 | EIP with Multiple Associations | Try to associate EIP to multiple resources | Operation fails |
| 28 | EIP with DNS | Resolve EIP via DNS | DNS resolution works |
| 29 | EIP with Reverse DNS | Configure reverse DNS | PTR record set |
| 30 | EIP with Elastic Beanstalk | Use EIP in Beanstalk environment | EIP assigned to environment |
| 31 | EIP with ECS | Use EIP with ECS service | EIP reachable via service |
| 32 | EIP with EKS | Use EIP with Kubernetes service | EIP reachable |
| 33 | EIP with VPN | Use EIP for VPN endpoint | VPN tunnel established |
| 34 | EIP with Direct Connect | Use EIP with DX gateway | EIP reachable |
| 35 | EIP with Transit Gateway | Route via TGW using EIP | Traffic routed correctly |
| 36 | EIP with Interface Endpoint | Use EIP with endpoint | Endpoint reachable |
| 37 | EIP with Gateway Endpoint | Use EIP with gateway | Endpoint reachable |
| 38 | EIP with Failover | Test failover with EIP | EIP reassigned to standby |
| 39 | EIP with High Availability | Use EIP in HA setup | EIP moves on failover |
| 40 | EIP with Multi-AZ | Use EIP across AZs | EIP reassigned as needed |
| 41 | EIP with Elastic IP Pool | Allocate from pool | EIP assigned from pool |
| 42 | EIP with Custom Route | Add route to EIP | Route functions correctly |
| 43 | EIP with Firewall | Apply firewall rules | Rules enforced |
| 44 | EIP with ACL Logging | Log access to EIP | Logs show traffic |
| 45 | EIP with Compliance | Validate EIP usage | Passes compliance checks |
| 46 | EIP with Audit Trail | Track EIP events | Events logged |
| 47 | EIP with Backup | Backup EIP configuration | Backup created |
| 48 | EIP with Restore | Restore EIP settings | EIP reassigned |
| 49 | EIP with Quota | Allocate beyond quota | Operation fails |
| 50 | EIP with Automation | Assign EIP via script | Script executes successfully |
NAT Gateway Integration - Testcases
| S.No | Test Case | Description | Expected Result |
|---|---|---|---|
| 1 | Create NAT Gateway | Create a new NAT Gateway | NAT Gateway created successfully |
| 2 | Delete NAT Gateway | Delete an existing NAT Gateway | NAT Gateway deleted |
| 3 | Allocate EIP | Allocate Elastic IP for NAT | EIP allocated |
| 4 | Associate EIP | Associate EIP with NAT Gateway | EIP associated successfully |
| 5 | NAT in Public Subnet | Place NAT Gateway in public subnet | NAT Gateway accessible |
| 6 | Route Private Subnet | Route private subnet traffic to NAT | Outbound internet access enabled |
| 7 | Route Table Update | Add NAT route to route table | Route added successfully |
| 8 | Remove NAT Route | Remove NAT route from route table | Internet access removed |
| 9 | NAT with Multiple Subnets | Use NAT for multiple private subnets | All subnets access internet |
| 10 | NAT with Security Groups | Apply SG to instances using NAT | SG rules enforced |
| 11 | NAT with NACLs | Apply NACLs to NAT subnet | Traffic filtered correctly |
| 12 | NAT with Flow Logs | Enable flow logs on NAT subnet | Logs show NAT traffic |
| 13 | NAT with Monitoring | Monitor NAT Gateway metrics | Metrics available |
| 14 | NAT with Logging | Enable logging for NAT | Logs generated |
| 15 | NAT with Tags | Tag NAT Gateway | Tags applied successfully |
| 16 | NAT with Auto Scaling | Use NAT in ASG setup | Instances access internet |
| 17 | NAT with ECS | Use NAT with ECS tasks | Tasks access internet |
| 18 | NAT with EKS | Use NAT with Kubernetes pods | Pods access internet |
| 19 | NAT with Lambda | Use NAT for Lambda in private subnet | Lambda accesses internet |
| 20 | NAT with Bastion Host | Access NAT subnet via bastion | Access successful |
| 21 | NAT with VPN | Use NAT with VPN-connected VPC | Outbound traffic routed |
| 22 | NAT with Transit Gateway | Route via TGW to NAT | Traffic routed correctly |
| 23 | NAT with Peering | Use NAT in peered VPC | Traffic routed via NAT |
| 24 | NAT with Interface Endpoint | Use NAT with VPC endpoint | Endpoint reachable |
| 25 | NAT with Gateway Endpoint | Use NAT with gateway endpoint | Endpoint reachable |
| 26 | NAT with IPv6 | Attempt to use NAT with IPv6 | Operation fails (NAT is IPv4 only) |
| 27 | NAT with High Throughput | Test NAT under high load | NAT handles traffic |
| 28 | NAT with Failover | Simulate NAT failure | Traffic rerouted or fails |
| 29 | NAT with Multi-AZ | Deploy NAT in multiple AZs | High availability achieved |
| 30 | NAT with Elastic IP Reuse | Reuse EIP for new NAT | EIP reassigned successfully |
| 31 | NAT with Reserved IP | Try to assign reserved IP | Operation fails |
| 32 | NAT with Invalid Subnet | Deploy NAT in private subnet | Operation fails |
| 33 | NAT with Invalid Route | Add invalid route to NAT | Operation fails |
| 34 | NAT with DNS Resolution | Resolve DNS via NAT | DNS resolution works |
35 |
NAT with ICMP |
Ping external IP via NAT |
Ping succeeds |
36 |
NAT with HTTP |
Access HTTP site via NAT |
Access successful |
37 |
NAT with HTTPS |
Access HTTPS site via NAT |
Access successful |
38 |
NAT with Custom Port |
Use custom port via NAT |
Traffic routed correctly |
39 |
NAT with Logging Disabled |
Disable logging |
No logs generated |
40 |
NAT with Billing |
Check NAT billing |
Charges reflect usage |
41 |
NAT with Compliance |
Validate NAT setup |
Passes compliance checks |
42 |
NAT with Audit Trail |
Track NAT events |
Events logged |
43 |
NAT with Backup |
Backup NAT configuration |
Backup created |
44 |
NAT with Restore |
Restore NAT from backup |
NAT restored |
45 |
NAT with Quota |
Create NAT beyond quota |
Operation fails |
46 |
NAT with Automation |
Deploy NAT via script |
Script executes successfully |
47 |
NAT with CloudFormation |
Deploy NAT via template |
Stack creates NAT |
48 |
NAT with Terraform |
Deploy NAT using Terraform |
NAT provisioned |
49 |
NAT with Boto3 |
Manage NAT via Python SDK |
API calls succeed |
50 |
NAT with CLI |
Manage NAT via AWS CLI |
Commands execute successfully |
Internet Gateway Access - Testcases
S.No | Test Case | Description | Expected Result |
---|---|---|---|
1 | Create IGW | Create a new Internet Gateway | IGW created successfully |
2 | Attach IGW | Attach IGW to a VPC | IGW attached to VPC |
3 | Detach IGW | Detach IGW from VPC | IGW detached successfully |
4 | Delete IGW | Delete an unused IGW | IGW deleted successfully |
5 | Route to IGW | Add route to IGW in route table | Internet access enabled |
6 | Remove IGW Route | Remove IGW route | Internet access disabled |
7 | Public Subnet Access | Use IGW in public subnet | Instance has internet access |
8 | Private Subnet Access | Use IGW in private subnet | No internet access (expected) |
9 | IGW with EIP | Use IGW with Elastic IP | Instance reachable via EIP |
10 | IGW with NAT Gateway | Use IGW for NAT Gateway | Private subnets access internet |
11 | IGW with Route Table | Associate IGW in route table | Route to 0.0.0.0/0 via IGW |
12 | IGW with Security Group | Allow inbound traffic | Access allowed per SG rules |
13 | IGW with NACL | Apply NACL to IGW subnet | Traffic filtered correctly |
14 | IGW with Flow Logs | Enable flow logs | Logs show IGW traffic |
15 | IGW with Monitoring | Monitor IGW traffic | Metrics available |
16 | IGW with Logging | Enable logging for IGW subnet | Logs generated |
17 | IGW with Tags | Tag IGW resource | Tags applied successfully |
18 | IGW with Auto Scaling | Use IGW in ASG setup | Instances access internet |
19 | IGW with ECS | Use IGW with ECS tasks | Tasks access internet |
20 | IGW with EKS | Use IGW with Kubernetes pods | Pods access internet |
21 | IGW with Lambda | Use IGW for Lambda in VPC | Lambda accesses internet |
22 | IGW with Bastion Host | Access private subnet via bastion | Access successful |
23 | IGW with VPN | Use IGW with VPN | VPN tunnel coexists with IGW |
24 | IGW with Transit Gateway | Route via TGW to IGW | Traffic routed correctly |
25 | IGW with Peering | Use IGW in peered VPC | Peered VPC cannot use IGW directly |
26 | IGW with Interface Endpoint | Use IGW with endpoint | Endpoint reachable |
27 | IGW with Gateway Endpoint | Use IGW with gateway | Endpoint reachable |
28 | IGW with IPv6 | Use IGW with IPv6 route | IPv6 internet access enabled |
29 | IGW with DNS Resolution | Resolve DNS via IGW | DNS resolution works |
30 | IGW with ICMP | Ping external IP via IGW | Ping succeeds |
31 | IGW with HTTP | Access HTTP site via IGW | Access successful |
32 | IGW with HTTPS | Access HTTPS site via IGW | Access successful |
33 | IGW with Custom Port | Use custom port via IGW | Traffic routed correctly |
34 | IGW with Invalid Route | Add invalid route to IGW | Operation fails |
35 | IGW with Invalid Subnet | Attach IGW to private subnet | No internet access |
36 | IGW with Reserved IP | Try to assign reserved IP | Operation fails |
37 | IGW with High Throughput | Test IGW under load | IGW handles traffic |
38 | IGW with Failover | Simulate IGW failure | No internet access |
39 | IGW with Multi-AZ | Use IGW across AZs | Internet access in all AZs |
40 | IGW with Elastic IP Reuse | Reuse EIP with IGW | EIP reassigned successfully |
41 | IGW with Compliance | Validate IGW setup | Passes compliance checks |
42 | IGW with Audit Trail | Track IGW events | Events logged |
43 | IGW with Backup | Backup IGW configuration | Backup created |
44 | IGW with Restore | Restore IGW from backup | IGW restored |
45 | IGW with Quota | Create IGW beyond quota | Operation fails |
46 | IGW with Automation | Deploy IGW via script | Script executes successfully |
47 | IGW with CloudFormation | Deploy IGW via template | Stack creates IGW |
48 | IGW with Terraform | Deploy IGW using Terraform | IGW provisioned |
49 | IGW with Boto3 | Manage IGW via Python SDK | API calls succeed |
50 | IGW with CLI | Manage IGW via AWS CLI | Commands execute successfully |
DNS Resolution - Testcases
S.No | Test Case | Description | Expected Result |
---|---|---|---|
1 | Enable DNS Resolution | Enable DNS resolution in VPC settings | DNS resolution is active |
2 | Disable DNS Resolution | Disable DNS resolution in VPC | DNS resolution is disabled |
3 | Default DNS Resolver | Use default VPC DNS resolver | Hostnames resolve successfully |
4 | Custom DNS Server | Configure custom DNS server | DNS queries routed to custom server |
5 | Resolve EC2 Hostname | Resolve private DNS of EC2 | Returns private IP |
6 | Resolve Public Hostname | Resolve public DNS of EC2 | Returns public IP |
7 | Resolve Internal Service | Resolve internal service name | Service IP returned |
8 | Resolve External Domain | Resolve external domain (e.g., google.com) | Public IP returned |
9 | DNS Resolution in Private Subnet | Resolve DNS in private subnet | Resolution works via NAT or resolver |
10 | DNS Resolution in Public Subnet | Resolve DNS in public subnet | Resolution works directly |
11 | DNS Resolution with IGW | Resolve DNS with internet gateway | Resolution succeeds |
12 | DNS Resolution with NAT | Resolve DNS via NAT gateway | Resolution succeeds |
13 | DNS Resolution with Route 53 | Use Route 53 private hosted zone | Internal names resolve correctly |
14 | DNS Resolution with Custom Domain | Use custom domain in Route 53 | Custom names resolve |
15 | DNS Resolution with DHCP Options | Set DNS servers via DHCP options | Instances use specified DNS |
16 | DNS Resolution with Security Group | Allow DNS traffic in SG | DNS queries succeed |
17 | DNS Resolution with NACL | Allow DNS traffic in NACL | DNS queries succeed |
18 | DNS Resolution with Firewall | Allow DNS traffic in firewall | DNS queries succeed |
19 | DNS Resolution with Flow Logs | Monitor DNS traffic in flow logs | Logs show DNS traffic |
20 | DNS Resolution with Monitoring | Monitor DNS metrics | Metrics available |
21 | DNS Resolution with Logging | Enable DNS query logging | Logs are generated |
22 | DNS Resolution with ECS | Resolve DNS in ECS task | DNS works inside container |
23 | DNS Resolution with EKS | Resolve DNS in Kubernetes pod | DNS works inside pod |
24 | DNS Resolution with Lambda | Resolve DNS in Lambda function | DNS queries succeed |
25 | DNS Resolution with Bastion Host | Resolve DNS from bastion | DNS queries succeed |
26 | DNS Resolution with VPN | Resolve DNS over VPN | Internal names resolve |
27 | DNS Resolution with Direct Connect | Resolve DNS over DX | Internal names resolve |
28 | DNS Resolution with Transit Gateway | Resolve DNS across VPCs | DNS queries routed correctly |
29 | DNS Resolution with Peering | Resolve DNS in peered VPC | DNS resolution works if enabled |
30 | DNS Resolution with Interface Endpoint | Resolve DNS for interface endpoint | Endpoint resolves correctly |
31 | DNS Resolution with Gateway Endpoint | Resolve DNS for gateway endpoint | Endpoint resolves correctly |
32 | DNS Resolution with IPv6 | Resolve DNS over IPv6 | Resolution succeeds |
33 | DNS Resolution with Split Horizon | Use split-horizon DNS | Internal and external names resolve differently |
34 | DNS Resolution with DNS Failover | Test failover to secondary DNS | Fallback DNS used |
35 | DNS Resolution with TTL | Test DNS caching behavior | TTL respected |
36 | DNS Resolution with Invalid Domain | Resolve invalid domain | Returns NXDOMAIN |
37 | DNS Resolution with Timeout | Simulate DNS timeout | Query fails gracefully |
38 | DNS Resolution with High Load | Test DNS under load | Resolution remains stable |
39 | DNS Resolution with DNSSEC | Use DNSSEC-enabled domain | Resolution succeeds with validation |
40 | DNS Resolution with Reverse Lookup | Perform reverse DNS lookup | PTR record returned |
41 | DNS Resolution with Host File Override | Override DNS with host file | Local resolution used |
42 | DNS Resolution with DNS Proxy | Use DNS proxy in VPC | Queries routed through proxy |
43 | DNS Resolution with Multi-AZ | Resolve DNS across AZs | Resolution consistent |
44 | DNS Resolution with Multi-Region | Resolve DNS across regions | Resolution works if configured |
45 | DNS Resolution with Compliance | Validate DNS setup | Passes compliance checks |
46 | DNS Resolution with Audit Trail | Track DNS configuration changes | Changes logged |
47 | DNS Resolution with Backup | Backup DNS settings | Backup created |
48 | DNS Resolution with Restore | Restore DNS settings | DNS restored |
49 | DNS Resolution with Quota | Exceed DNS query quota | Queries throttled |
50 | DNS Resolution with Automation | Configure DNS via script | Script executes successfully |
IPv6 Support - Testcases
S.No | Test Case | Description | Expected Result |
---|---|---|---|
1 | Enable IPv6 | Enable IPv6 support in VPC | IPv6 enabled successfully |
2 | Disable IPv6 | Disable IPv6 in VPC | IPv6 disabled |
3 | Assign IPv6 CIDR | Assign IPv6 CIDR block to VPC | CIDR assigned successfully |
4 | Remove IPv6 CIDR | Remove IPv6 CIDR block | CIDR removed |
5 | Create IPv6 Subnet | Create subnet with IPv6 CIDR | Subnet created successfully |
6 | Assign IPv6 to Instance | Assign IPv6 address to EC2 | IPv6 address assigned |
7 | Auto-assign IPv6 | Enable auto-assignment of IPv6 | Instances get IPv6 automatically |
8 | Static IPv6 Assignment | Manually assign IPv6 | Static IPv6 assigned |
9 | IPv6 in Public Subnet | Use IPv6 in public subnet | Instance accessible via IPv6 |
10 | IPv6 in Private Subnet | Use IPv6 in private subnet | No direct internet access |
11 | IPv6 Route Table | Add IPv6 route to route table | Route added successfully |
12 | IPv6 Internet Gateway | Use IGW for IPv6 traffic | IPv6 internet access enabled |
13 | IPv6 NAT Gateway | Attempt to use NAT for IPv6 | Operation fails (not supported) |
14 | IPv6 Security Group | Allow IPv6 traffic in SG | Traffic allowed |
15 | IPv6 NACL | Allow IPv6 traffic in NACL | Traffic allowed |
16 | IPv6 DNS Resolution | Resolve IPv6-enabled domain | AAAA record returned |
17 | IPv6 with Route 53 | Use IPv6 in Route 53 records | IPv6 DNS works |
18 | IPv6 with ECS | Assign IPv6 to ECS task | Task reachable via IPv6 |
19 | IPv6 with EKS | Assign IPv6 to pod | Pod reachable via IPv6 |
20 | IPv6 with Lambda | Use IPv6 in Lambda VPC config | Lambda accesses IPv6 |
21 | IPv6 with Load Balancer | Use IPv6 with ELB | ELB accessible via IPv6 |
22 | IPv6 with VPN | Use IPv6 over VPN | Tunnel supports IPv6 |
23 | IPv6 with Direct Connect | Use IPv6 over DX | IPv6 traffic routed |
24 | IPv6 with Transit Gateway | Route IPv6 via TGW | IPv6 traffic routed |
25 | IPv6 with Peering | Use IPv6 in peered VPC | IPv6 traffic routed |
26 | IPv6 with Interface Endpoint | Use IPv6 with endpoint | Endpoint reachable |
27 | IPv6 with Gateway Endpoint | Use IPv6 with gateway | Endpoint reachable |
28 | IPv6 with DHCPv6 | Use DHCPv6 for address assignment | IPv6 assigned via DHCP |
29 | IPv6 with SLAAC | Use SLAAC for address assignment | IPv6 assigned automatically |
30 | IPv6 with ICMP | Ping IPv6 address | Ping succeeds |
31 | IPv6 with HTTP | Access HTTP site via IPv6 | Access successful |
32 | IPv6 with HTTPS | Access HTTPS site via IPv6 | Access successful |
33 | IPv6 with Custom Port | Use custom port via IPv6 | Traffic routed correctly |
34 | IPv6 with Logging | Enable logging for IPv6 traffic | Logs generated |
35 | IPv6 with Monitoring | Monitor IPv6 traffic | Metrics available |
36 | IPv6 with Flow Logs | Enable flow logs | IPv6 traffic logged |
37 | IPv6 with Compliance | Validate IPv6 setup | Passes compliance checks |
38 | IPv6 with Audit Trail | Track IPv6 changes | Events logged |
39 | IPv6 with Backup | Backup IPv6 configuration | Backup created |
40 | IPv6 with Restore | Restore IPv6 settings | IPv6 restored |
41 | IPv6 with Quota | Exceed IPv6 address quota | Operation fails |
42 | IPv6 with Automation | Configure IPv6 via script | Script executes successfully |
43 | IPv6 with CloudFormation | Deploy IPv6 via template | Stack creates IPv6 resources |
44 | IPv6 with Terraform | Deploy IPv6 using Terraform | IPv6 provisioned |
45 | IPv6 with Boto3 | Manage IPv6 via Python SDK | API calls succeed |
46 | IPv6 with CLI | Manage IPv6 via AWS CLI | Commands execute successfully |
47 | IPv6 with DNS64/NAT64 | Use DNS64/NAT64 for IPv6-only clients | IPv4 services accessible |
48 | IPv6 with Dual Stack | Use IPv4 and IPv6 together | Both protocols work |
49 | IPv6 with Reserved Address | Try to assign reserved IPv6 | Operation fails |
50 | IPv6 with Invalid CIDR | Assign invalid IPv6 CIDR | Operation fails |
Reference links